The Microsoft 365 Defender Research Team recently shared a post, explaining how a toll fraud malware can subscribe users to premium services, without them ever finding out and realizing it. The malware has improved a lot over the years, and it can hide all of its tracks, leaving the user with a drained wallet.
In a new blog post, the Microsoft 365 Deferender Research Team explained how the toll fraud malware works, and how it can be used to subscribe users to premium services, without them ever finding out about it. The malware has many unique behaviors. And it can easily target specific network operators and hide its tracks.
The malware has a lot of steps to execute, and it’s called “toll frauds”, because it charges the user’s telecom bill, instead of requiring a credit or debit card. It can use “dynamic code loading” to infect users and devices and exploits the WAP (Wireless Application Protocol) protocol that is widely used by network operators.
Once a device is connected to the target network, the device then subscribes to fraudulent services without the user’s consent. The malware may be able to disable the user’s Wi-Fi connection, or wait for it to go outside of the Wi-Fi coverage.
The malware can also intercept and access the one-time passwords (OTP), usually sent to authenticate purchases. The malware also hides any notifications and can fill out the information on the user’s behalf, completely hiding all of its tracks. Users often find out about the malware once it’s too late, and they must pay at the end of their agreement or the end of the month.
These techniques are becoming popular
The telecom scam technique has been widely used in the past, and it has started to take off again in recent years. It’s also a popular method in developing countries, as most people often only use prepaid or monthly SIM services, letting the attackers grab a large sum of money.
There’s no sign of this method slowing down anytime soon, and we suspect it’ll be here to stay in the long run. Once the malware is executed correctly, it only has to go through the steps to start collecting money from unsuspected users. The Toll Fraud malware has also been the most prevalent type on Android since 2017. The malware has accounted for 34.8% of installed Potentially Harmful Application (PHA) from the Google Play Store in the first quarter of 2022, ranking second to spyware.
How to prevent it?
Fortunately, the malicious code is mainly distributed outside the Google Play Store, since Google restricts the use of dynamic code to be loaded onto any apps on the Google Play Store. The chances of general users being affected are low, but it can happen upon accessing third-party and unknown applications from outside of the Google Play Store.
We strongly encourage you to only download files that you can verify. Using third-party services always comes with risks, and we recommend against using them. It’s also worth pointing out that Google’s own system isn’t perfect, and things can also get uploaded to the Play Store by accident.
The Defender Team also recommends that users “avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it.”
Additionally, the team recommends users to upgrade their devices once they are no longer expected to receive any more updates. New security patches can be downloaded semi-frequently, keeping you safe from malware and other fraudulent actions.
If you’d like to find out more about how the malware works, and how it can be executed on a device, check out the Microsoft blog post with more detailed explanations. The team explains the process and demonstrates the method with clear examples.
First Galaxy Z Flip 4 Color Sells Out
The entire suite of new Galaxy products has been up for pre-order since Wednesday and we keep checking to see if any of it is selling out. So far, not much has outside of a single online exclusive color of the Galaxy Z Flip 4, while the Fold 4 and both Galaxy Watch 5 watches can still be had with August 26 launch day delivery.
The first color of the Galaxy Z Flip 4 to sellout is the “Navy” colorway. The pre-configured version with navy is listed now as “out of stock,” plus if you try and use the Bespoke tool to capture a Flip 4 entirely in navy, it’ll show there as soldout too. Interestingly, if you Bespoke tool a Flip 4 and only put navy as a single panel, you’ll get a 3-4 weeks estimate.
The only other item with even a slight delay is the goofy burgundy Fold 4, but it appears to be sticking to the advertised 3-4 week delivery. I wouldn’t actually consider it much of a delay.
Whatever the situation is here, I’ve got to admit that I’m surprised that more of the new Samsung devices aren’t soldout or with extended shipping times. As of right now, all four of the main Flip 4 colors will arrive on time (see here), as will the three main Fold 4 colors (see here) and the Galaxy Watch 5 and Watch 5 Pro in all configurations (see here).
Compare this launch to the Galaxy S22 from earlier in 2022 and they couldn’t have hit differently. Samsung’s dates for the exclusive online colors of the S22 Ultra started slipping almost immediately, which we know first hand because of Tim’s struggles to land one. Within a week, the dates further moved with estimates a full month out or even later.
We’ll keep an eye on shipping times over the next week or so to see how this launch changes. Will the situation start to match the Galaxy S22 launch or are the minor improvements in this year’s foldable line-up not enough to get people to bite? In my first couple of days with the Flip 4, I can tell you that the phone is very much like the Flip 3, but that doesn’t mean I’m not enjoying the hell out of it.
Telegram’s Big Update is for the Emoji Lovers
A new update is rolling out to Telegram today and it is all about emoji. If you love emoji, custom emoji, animated emoji, or any other type of emoji, you are in for a special treat.
Telegram announced its new Emoji Platform “where anyone can upload custom packs with unique art styles and characters for Telegram Premium users.” Folks can use these uploaded custom emoji packs in messages or captions, plus premium users are getting access to another 10 emoji packs.
To make it more obvious that all of these new custom and animated emoji are available, you’ll see the sticker shortcut in the message box turn into an emoji shortcut as you type. That shortcut leads to a new emoji panel, where you’ll see suggestions and be able to browse your various packs. To make things (potentially) easier, typing shortcuts like :smile or :lol will give you all of the available options too.
And finally, custom emoji can be interactive in 1-on-1 chats, so “any user can tap to play synchronized, full-screen effects” from all of the emoji you spam off to friends.
For iOS users, there are new sticker, GIF, and emoji panels “with separate tabs for stickers, GIFs and emoji – just like on the Android, desktop and web apps.”
In other Telegram Premium feature news, users will find a setting that allows them to control who is able to send them voice and video messages. The options now are Everyone, My Contacts, or Nobody.
There are additional controls that will let you choose specific people or groups, and of course, you can always convert audio messages in to text. The settings for all of this are in Settings > Privacy and Security > Voice Messages.
The last new feature for Premium users is an option to “share the experience with friends, family and coworkers by sending them a prepaid subscription for 3, 6 or 12 months – at a discount.” To do so, you can tap on the profile image of someone in a chat, then the 3-dot menu to “Gift Premium.”
These updates appear to be rolling out right away, as I’ve already seen the update on Android.
First Early Galaxy Watch 5 Pro Review Arrived
Of the two new Galaxy Watch 5 models announced, the Galaxy Watch 5 Pro is the one we’re most interested in. Not only is Samsung marketing it as an “outdoors” watch for the active type, they also gave it “Pro” name, as if it packs a number of extra features over the regular model. We don’t have one in for review (we did order one) yet, so we’re doing that thing we often do with Samsung launches – looking elsewhere for early impressions.
Thanks to Ray from DC Rainmaker, one of the best at reviewing sports watches, we have a first early Galaxy Watch 5 Pro review to analyze. He took the watch for a run to test GPS and heartrate accuracy, as well as battery life. The video he posted also compares some features of the Watch 5 Pro to the Watch 5, in case we didn’t do a good enough job of that earlier in the week.
The takeaways from this early and not-at-all-final review, show that the new Compass feature might have some initial issues, GPS accuracy is not bad and performs far better than the Apple Watch Series 7, heartrate accuracy was quite good after a slowish start, and that GPS battery life is probably closer to half of what Samsung is advertising. Daily battery without GPS is likely closer to 2.5 days vs. the 3.5 days advertised. Again, these are all early, first look numbers that could change over the coming weeks with more testing.
The video also dives into “Pro” features here and laughs a bit at what that even means because there aren’t really any pro features when you compare to other outdoor-focused sports watches. And I would tend to agree with that. In fact, Tim and I were joking earlier in the week about Samsung’s forced “outdoors” push for this watch, when almost nothing about the watch makes it better for outdoors than other Samsung watches except for GPX support and backtracking when navigating. These are not “pro” features and the rest of the watch is just the same as the Watch 5. It’s just silly branding.
Anyways, we’ll have our Watch 5 Pro soon enough and will do out own testing. If you were trying to decide now to get in on this awesome pre-order promo ($50 credit, free Charger Duo, and $240 off trade-in) , give the video below a watch.
social4 weeks ago
Sendit, Yolo, NGL: Anonymous Social Apps Are Taking Over Once More, but They Aren’t Without Risks
Android4 weeks ago
How to reserve a Samsung Galaxy Z Fold 4 or Flip 4 & get up to $200 in credit
Android4 weeks ago
Should you buy the new Google Pixel 6a or the OG Pixel 6?
Android4 weeks ago
Get a 256GB Samsung Galaxy S22 for just $100
Accessories3 weeks ago
Best deals today: Samsung’s Neo QLED 8K Smart TV, Google Pixel 6 Pro, and more
internet3 weeks ago
Google Search Sales Grow 14 percent in Q2 2022, Driven by travel and retail advertising
Accessories3 weeks ago
Here are the best cases for MacBook Air M2 (2022)
gaming3 weeks ago
Raji: An Ancient Epic Enhanced Edition Out Now on PS4, PS5, Xbox One, Xbox Series S/X